Closed dvzrv closed 1 year ago
@MaxKellermann the license files are unfortunately not included in the source tarball. Can you please add them for the next release?
Also, the BSD-2-Clause license requires setting the Copyright (c) <year> <owner>
bits.
The commit is not part of MPD 0.23.x, it was only merged in master, therefore you don't see its effects on the 0.23.15 release.
Also, the BSD-2-Clause license requires setting the
Copyright (c) <year> <owner>
bits.
The license cannot "require" anything, it is just a piece of text. What or who is really requiring this?
The commit is not part of MPD 0.23.x, it was only merged in master, therefore you don't see its effects on the 0.23.15 release.
Ah I see. I am not super familiar with the merge strategy of this project :)
The license cannot "require" anything, it is just a piece of text. What or who is really requiring this?
Maybe I phrased this insufficiently as I was in a hurry. The file added in the commit is a template and as such does not carry the date and copyright holder statements, which indicate in which year the statement was made by whom. Similar to other licenses, such as the MIT license, this specific information ties a legal entity (e.g. a person or an institution) to a body of work and ensures, that whoever is using this work is legally allowed to e.g. redistribute or build upon this work and can (if in doubt) contact an entity about this. As such, all downstreams care about these statements.
Bug report
Describe the bug
Hi! I maintain this project as a package for Arch Linux. As we have started make use of SPDX license identifiers in our package sources and taken greater care in figuring out upstream's licensing situation, I looked into mpd's sources a bit more closely.
I noticed quite a few files that are licensed under BSD-2-Clause: https://github.com/search?q=repo%3AMusicPlayerDaemon%2FMPD%20SPDX-License-Identifier%3A%20BSD-2-Clause&type=code I was not able to find a dedicated license file for this, but am required to package a license file alongside source and binary distributions of said code.
Additionally, it seems, that most other files are licensed under the terms of the GPL-2.0-or-later (https://github.com/search?q=repo%3AMusicPlayerDaemon%2FMPD%20SPDX-License-Identifier%3A%20GPL-2.0&type=code). The legal section in the README specifies "MPD is released under the GNU General Public License version 2", which would probably rather refer to GPL-2.0-only.
In other software projects I am currently using reuse, which helps me a great deal in finding files without dedicated license attribution and unifies making license files available in a top-level LICENSES directory. Maybe this is also a useful approach for mpd.
Expected Behavior
There is a license file for each license used in the repository.
Actual Behavior
There is unfortunately no license file for BSD-2-Clause.
Version
n/a
Configuration
n/a
Log
n/a